IP addresses can determine jurisdiction – as classically exploited by private and public surveillance agencies, BigTech, other data brokers, and just about any web site owner. This is well known. As is the fact that such tracking information is key to everyone’s commercial efforts to destroy net neutrality and undermine the web. But what does this mean for GDPR compliance? Can it be exploited for classifying individuals’ jurisdiction? Should it? What are the pros and cons? Theory (law) I note in [...]
ABSTRACT: must Controllers inform processors of the legal bases of processing? Prima facie no: but from a legal and business-strategic perspective the answer is very, very much more complex.
ABSTRACT: A list of current and future “how-to” posts on practical enterprise-specific GDPR compliance using public domain objects, with optional technology anyone can build.
ABSTRACT: Supervisors are interested in GDPR risks. Financial regulators are interested in financial risks. Often the latter may be derivative of the former. An obvious question arises: at what point might financial regulators become interested in data protection risks? Background: I was asked a question which for various conduct reasons I can’t possibly answer in the terms asked. That said, given its resonance with similar issues I’ve observed in the UK and other contexts, I’ve reformulated it to something so [...]